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1 .  INTRODUCTION 


This  report  is  concerned  with  establishing  a  methodology  for 
the  design  of  complex  real-time  digital  systems.  These  systems  are 
dedicated  to  a  single  objective,  such  as  flight-guidance,  coimnuni ca¬ 
tion  switching,  patient  monitoring,  or  industrial  process-control. 

The  overall  task  of  the  system  can  be  decomposed  into  several  sub¬ 
sidiary  tasks,  each  of  which  contributes  to  the  overall  objective. 

Efficient  implementations  exploit,  as  much  as  possible,  the  high 
degree  of  concurrency  usually  involved  in  such  systems.  Multimicro¬ 
computer  and  VLSI  implementations  are  of  particular  interest.  Structured 
programming  [LI-MI-WI]  has  become  a  generally  accepted  approach  in 
modem  software  engineering.  A  similar  approach  can  be  applied  to 
the  design  of  complex,  coDft>ined  hardware/software  systems,  leading 
to  a  structured  design  methodology.  The  importance  of  such  a  design 
methodology  has  recently  been  emphasized,  particularly  in  connection 
with  the  growing  trend  towards  computer-aided  design  of  VLSI-systems 
[LEW],  [MEA-CON]. 

The  major  steps  involved  in  a  structured,  top-down  design 
approach  are  the  following: 

(1)  system  requirements  specification 

(2)  stepwise  refinement 

(3)  implonentation 

(4)  verification. 

In  the  following  section  we  survey  some  of  the  publications  dealing 
with  the  above  design  steps.  In  Sections  3.6  we  develop  an  alternative 
methodology  of  specifying  system  requirements.  In  Section  7  we  very 
briefly  indicate  the  applicability  of  this  method  to  the  derivation 
of  efficient  and  correct  implementations. 


2.  SURVEY  OF  RELATED  WORK 


The  difficulties  involved  in  designint;  and  maintaining  complex 
software  have  led  to  extensive  studies  of  suitable  methodologies. 

In  particular,  the  problem  of  software  requirements  specification 
has  received  considerable  attention.  Consequently,  a  variety  of 
requirements  specification  languages  have  recently  been  developed. 
Typical  examples  of  such  languages  are  described  in  [DAV] ,  [LEV-MUL], 
[ZAV] .  These  languages  are  mainly  intended  to  facilitate  the  develop¬ 
ment  of  software,  rather  than  hardware  systems  or  combined  hardware/ 
software  systems.  They  assume  a  well-defined,  fixed  architecture, 
for  which  a  particular  software  is  to  be  developed. 

However,  an  essential  advantage  of  any  suitable  structured  system 
design  is  the  integrated  approach  to  hardware  and  software,  enabling 
the  designer  to  postpone  his  decision  about  hardware/software  partition 
ing  to  a  late  stage  in  his  design.  Such  a  structured  system  design 
methodology  calls  for  requirement  specification  methods  applicable  to 
both  hardware  systems  as  well  as  combined  hardware/software  systems. 

Of  especial  interest  are  specification  methods  which  clearly  establish 
feasible  concurrences  in  the  system. 

Various  research  groups  have  recently  devoted  considerable  efforts 
to  the  development  of  specification  methods  for  complex,  highly- 
concurrent  systems,  based  on  suitable  modifications  and  extensions  of 
the  concept  of  Petri  net.  Some  of  these  efforts  are  described  in 
[VAL-COU],  [MOA-DAV],  [QUE] ,  [WOJ] ,  [YOE  82a],  [YOE-BAR],  [VOSS], 

[KYNG] .  Closely  related  to  these  Petri-net  oriented  approaches  is 
the  Graph  Model  of  Behavior,  which  forms  part  of  the  SARA  design 
methodology  being  developed  at  UCLA  [EST],  [RAZ] . 


Recently,  methods  for  the  sped  f.i  cat  ion  and  verification  of 
protocols  have  been  extensively  studied  [SUM79] ,  [SUN82] .  Some  of 
these  methods  are  applicable  to  the  more  general  problem  of  a  specifica¬ 
tion  methodology  for  digital  highly-concurrent  systems. 

An  extensive  literature  is  presently  available  on  the  design 
and  implementation  of  multi-microcomputer  systems  (for  an  annotated 
bibliography  see  [SAT]).  However,  most  of  the  papers  describe  selected 
aspects  of  particular,  experimental  systems.  On  the  other  hand,  valuable 
contributions  towards  a  systematic  design  methodology  are  [WEI] ,  [VAL- 
COU] ,  [CAM-ROS] ,  [EST] ,  [KER] .  Specific  issues  relevant  to  a  systematic 
design  methodology  are  discussed  in  e.g.  [AND-JEN],  [ADA-ROL] ,  [LAM], 
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In  this  and  the  following  three  sections  we  describe  a  system 
requirements  specification  method  which  has  the  following  features. 

(a)  It  uses  extended  net  concepts  to  provide  a  concise  and  mathemat¬ 
ically  precise  model. 

(b)  It  introduces  a  clear  separation  between  control  structure  and 
data  (processing)  structure. 

(c)  It  is  based  on  a  structured  approach  to  parallel  programming. 

In  view  of  the  above  features  the  specification  method  facilitates 
analysis,  design,  implementation,  verification  and  testing  of  the 
overall  system. 


3.2  Control/Data  Decomposition 


Tbe  digital  systems  we  are  concerned  with  may  be  considered  as 
consisting  of  two  parts:  a  control  structure  and  a  data  structure 
[BRU-ALT],  [YOE-BRZ] ,  [LEW],  [VAL-COU] .  The  data  structure  consists 
of  specific  devices  (operational  units)  such  as  adders,  counters,  etc. 
The  control  structure  supervises  the  activities  and  sequencing  of 
these  devices. 


Another  essential  feature  of  the  digital  systems  we  are  interested 
in,  is  their  high  degree  of  concurrency.  Furthermore,  we  assume  the 
devices  to  operate  asynchronously.  The  combined  effect  of  concurrency 
and  asynchronous  operations  may  be  utilized  in  order  to  achieve  high¬ 
speed  overall  performance  of  the  system. 
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3.3  Some  Basic  Control  Structures 


We  first  consider  a  few  simple  control  structures,  as  well  as 
methods  for  using  them  to  form  more  complex  structures.  As  will 
become  evident  in  the  sequel,  our  approach  is  strongly  related  to 
basic  aspects  of  structured  programming. 

We  shall  use  Figure  1  to  explain  some  basic  concepts,  as  we]l 
as  to  introduce  our  first  example  of  a  simple  control  structure. 


i 


*  -• 


CONTROL 

STRUCTURE 


DATA 

STRUCTURE 


Figure  1.  (a)  Outside  connections  of  PAR2  control 
structure 

(b)  Abbreviated  notation. 

All  the  signals  indicated  in  Figure  1  are  instantaneous;  they  may 
correspond  e.g.  to  the  rising  edge  (0  -►  1  transition)  of  suitable 
pulse  signals. 

Assume  the  ystem  shown  in  Figure  1  to  be  idle.  Upon  the 
arrival  -  G  "Go")  input,  the  control  structure  PAR 2  becomes  active. 


.*•  *-  ’•  * 
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by  issuing  the  signals  a  and  b  cither  concurrently,  or  one  after 
the  other.  These  signals  initiate  the  operation  of  the  corresponding 
devices.  Each  device  issues,  upon  completion  of  its  operation,  the 
corresponding  completion  signal  (a  or  b) .  The  control  structure  PAR2 
sMaits  the  arrival  of  both  completion  signals  a  and  b,  whereupon 
it  produces  the  output  0  ("Done")  and  returns  to  its  idle  state. 

Thus  the  sequence  of  signals  GbaabD  is  an  example  of  a  feasible 
input-output  sequence  which  takes  the  control  structure  PAR2  exactly 
once  through  the  cycle  of  states  idle-active- idle.  We  call  any  such 
input-output  sequence  a  basic  behavior  sequence  and  denote  by  B(CS) 
the  basic  behavior,  i.e.  the  set  of  all  basic  behavior  sequences,  of 
the  control  structure  CS.  For  the  control  structure  PAR2  of  Figure  1 
we  obtain: 

B(PAR2)  -  {GababD,  Gabb^,  Gbaabd,  Gbab^,  GaabbD,  GbbaaD}. 

Two  points  concerning  this  definition  of  basic  behavior  need 
clarification.  Firstly,  we  replace  the  simultaneous  occurrence  of  two 
or  more  signals  by  their  sequential  occurrences,  in  ail  possible 
orders.  Since  we  assume  all  signals  to  be  instantaneous,  this  approach 
is  well  motivated  and  is  closely  related  to  the  "Single-Observer 
Principle"  in  [MIL],  as  well  as  the  "Arbitration  Condition"  in  [KEL74] . 
Secondly,  we  make  no  assumptions  as  to  the  relative  speeds  of  the 
control  structure  and  the  devices.  Hence,  we  consider  e.g.  the  input- 
output  sequence  GaabbD  feasible.  Namely,  we  admit  the  possibility 
that  the  completion  signal  a  is  received  before  the  initiation  signal 
b  has  been  produced. 

The  above  expression  for  B(PAR2)  can  be  simplified  by  means  of  the 
formal  language  operators  introduced  in  Appendix  A.  Indeed, 

B(PAR2)  «  G  o  (aalibb)  o  D  . 
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The  preceding  considerations  are  easily  extended  to  a  control 
structure  PARK,  controlling  the  concurrent  op-^ration  of  k  ^  2  devices. 
We  denote  by  a.  the  initiation  signal  of  the  i-th  device,  and  by  a^ 
its  completion  signal.  Then  (see  Appendix  A) 

B(PARk)  =  Go|l/{ija^ll  ^  i  ^  k}  o  d  . 

One  easily  sees,  at  least  informally,  that  a  PARS  control  struct¬ 
ure  can  be  obtained  by  interconnecting  two  PAR2  structures,  as  indicate i 
in  Figure  2. 


Figure  2.  Two  PAR2  control  structures  inter¬ 
connected  to  form  a  PARS  control 
structure . 

Another  simple  control  structure  is  SEQk,  k  ^  2,  SEQk  activates 
k  devices  sequentially  (Sj  first,  last).  Its  outside  connections 
are  the  same  as  those  of  PARk ,  and  its  basic  behavior  is  specified  by 

B(SEQk)  *  ••• 

k  ^ 

«Go(na.a.)oL. 

i»l 


From  a  purely  logic  viewpoint,  SEQ^  can  be  simply  realized  by  connect 


ing  corresponding  parts,  namely  G  ^  a^,  -*■  a^, . . .  ,a^  1  ®k’  \  ^ 


From  a  circuit  viewpoint,  however,  signal  regeneration  might  be 
necessary.  The  abbreviated  notation  for  SEQk  is  shown  in  Figure  3. 

Generally  speaking,  we  assume  that  the  data  structure  provides 
status  information  to  the  control  structure,  by  means  of  suitable 
level-type  status  signals. 


Figure  3.  Abbreviated  notation  for  SEQk. 


The  DEC  control  structure  shown  in  Figure  4  corresponds  to  the 
if-then-else  construct  of  conventional  programs. 


Figure  4.  (a)  Outside  connections  of  DEC  control 
structure 

(b)  Abbreviated  notation. 
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In  Figure  4  we  denote  by  p  an  incoming  (level-type)  status 
signal.  We  write  p  (instead  of  ~p  or  np)  to  indicate  NOT-p. 

The  basic  behavior  of  the  DEC  control  structure  (Figure  4)  is 
then  specified  by 

B(DEC)  =  (Gpa^,  GpbbD). 

Another  control  structure  taken  over  from  conventional  (structured) 
programming  is  the  WHILE  structure  shown  in  Figure  S. 


The  basic  behavior  of  the  WHILE  structure  of  Figure  5  is  given  by 
B(WHILE)  =G(paa)*  pD. 

Figure  6  shows  an  example  of  a  parallel  computation  structure,  which 
illustrates  the  application  of  a  composite  control  structure.  One 
easily  verifies  that  for  an  integer  y  i  0  and  an  arbitrary  integer 
X  the  computation  structure  of  Figure  6  will  produce  the  product  of 
X  and  y . 

So  far  we  have  introduced  a  few  basic  control  structures  and 
have  illustrated  the  possibility  of  composing  them  in  order  to  obtain 
the  control  part  of  a  parallel  computation  structure. 


Figure  6.  Exanple  of  parallel  computation 
structure . 

It  is  noteworthy  that  the  simple  control  structures  introduced 
so  far  are  quite  powerful,  when  considered  as  basic  building  blocks 
by  means  of  which  more  complex  structures  can  be  composed.  Hence 
these  or  similar  building  blocks  may  be  selected  as  basis  for  a 
structured  approach  to  the  design  of  complex  control  structures 
(cf.  [WEIl,  [BRU-ALT],  [DAC-BLA]). 

However,  we  also  wish  to  investigate  control  structures  which 
cannot  be  obtained  by  the  composition  of  the  simple  control  structures 
discussed  so  far.  In  the  sequel  we  introduce  a  suitable  formalism 
which  will  enable  us  to  deal  with  this  problem  in  a  precise  and 
concise  way. 
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4.  PARALLEL  CONTROL  GRAPHS 


In  this  section  we  introduce  the  concept  of  parallel  control 
graph  (PCG),  following  [BOL-YOE]  and  [YOE-GIN] . 

4.1  Basic  Concepts 

Definition  4.1  A  parallel  control  graph  (PCG)  is  a  finite,  direct¬ 
ed  graph  G  with  the  following  properties: 

(1)  Each  node  of  G  is  of  one  of  the  seven  types  shorn  in  Figure  7. 

(2)  Multiple  edges  are  not  admitted. 

(3)  G  has  exactly  one  START  node  S  and  exactly  one  HALT  node  H. 

(4)  There  exists  a  directed  path  from  S  to  every  other  node  v  of  G. 

(5)  There  exists  a  directed  path  from  every  node  v  H  of  G  to  the 
node  H. 

Evidently  a  PCG  cannot  have  self- loops  (i.e.  cycles  of  length  1). 
Examples  of  PCGs  are  shown  in  Figure  8. 

We  shall  refer  to  nodes  of  type  FORK,  JOIN,  DECIDER,  and  UNION 
as  control  nodes.  A  PCG  with  DECIDER  and  UNION  nodes  as  only  control 
nodes  is  purely  sequential.  Similarly,  a  PCG  with  FORK  and  JOIN  nodes 
as  only  control  nodes  is  purely  parallel. 


Definition  4.2  Let  G  be  a  PCG.  A  marking  m  of  G  is  a  function 


m 


m:  E  u,  where  E  is  the  edge  set  of  G  and  u  is  the  set  of  non¬ 
negative  integers.  A  marked  PCG  is  an  ordered  pair  (G,in),  where  G 
is  a  PCG  and  m  is  a  marking  of  G. 


kii: 


NODE  TYPE  INDEGREE  OUTDEGREE  GRAPHICAL  REPRESENTATION 


START  0 


HALT  1  0 

FORK  1  2 

JOIN  2  1 

DECIDER  1  2 

UNION  2  1 

OPERATION  1  1 


Figure  7.  Node  types  of  PCG. 


Figure  8.  Exanples  of  PCGs. 
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Let  e  be  an  edge  of  the  marked  PCG  (G,m) .  We  refer  to  m(e) 
as  the  number  of  tokens  on  e.  If  m(e)  >  0,  we  say  that  e  is 
marked.  In  the  graphical  representation  of  marked  PCGs,  tokens  are 
indicated  by  dots  (•).  Figure  9  shows  examples  of  maiked  PCGs. 


Figure  9.  Examples  of  marked  PCGs. 

Definition  4.3  Let  (G,m)  be  a  marked  PCG.  A  node  of  type  OPERATION 
or  DECIDER  or  FORK  is  enabled  iff  its  inedge  is  marked.  A  JOIN  node 
is  enabled  iff  both  its  inedges  are  marked.  A  UNION  node  is  enabled 
iff  at  least  one  of  its  inedges  is  marked.  A  node  which  is  enabled 
may  fire. 

The  firing  rules,  illustrated  in  Figure  10,  are  as  follows: 


. 

'a 


m 


I 

fe'fl 


S' 


.V 


n-3 


Definition  4.4 

(a)  The  firing  of  a  FORK  node  decreases  the  marking  of  its  inedge 
by  1  and  increases  the  marking  of  both  its  outedges  by  1. 
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(b)  The  firing  of  a  JOIN  node  decreases  the  markings  of  both  its 
inedges  by  1,  and  increases  the  marking  of  its  outedge  by  1. 

(c)  The  firing  of  a  DECIDER  node  decreases  the  marking  of  its  inedge 
by  1,  and  increases  the  marking  of  either  one  of  its  outedges  by  1. 

(d)  The  firing  of  a  UNION  node  decreases  the  marking  oi  one  of  its 
marked  inedges  by  1,  and  increases  the  marking  of  its  outedge  by  1. 

(e)  The  firing  of  an  OPERATION  node  decreases  the  marking  of  its 
inedge  by  1  and  increases  the  marking  of  its  outedge  by  1, 

For  example,  node  J  in  Figure  9(a)  is  enabled.  The  firing  of  J 

yields  the  marked  PCG  of  Figure  9(b). 

Marked  PCGs  can,  of  course,  also  be  defined  in  terms  of  Petri 

nets  (cf.  [Y0E79]). 


4.2  Well-Formed  PCGs 

We  now  define  well-fonwd  PCGs.  Ut  m  and  m'  be  markings  of 
the  PCG  G. 

We  write  m  X  m'  to  indicate  that  the  marking  m'  is  obtainable 
from  the  marking  m  by  firing  node  v.  We  write  m  -►  m'  to  state 
that  m'  is  reachable  from  m  by  the  successive  firing  of  one  of  more 
nodes  of  G.  Furthermore,  we  set 

Im]  =  (m*  Im  m'>  U  (m). 

We  shall  refer  to  [m]  as  the  set  of  all  markings  reachable  from  m. 

We  denote  by  Cg  the  outedge  of  the  START  node  S,  and  by  ej^ 
the  inedge  of  the  HALT  node  H. 

Definition  4.S  The  initial  marking  m^  of  a  PCG  G  is  defined  as 


follows: 


(e>)  ■  1  and  «  (e)  ■  0  for  every  «  i<  eg. 
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k  marking  m  of  G  is  final  Iff  Tn(ej^)  >0.  We  denote  by  Mp  the 
set  of  all  final  markings  of  G. 

Let  G  be  the  PCG  shown  in  Figure  9,  m  its  marking  shown  in 
Figure  9(a)  and  the  marking  shown  in  Figure  9(b).  Then 

"a  ^  ^“o^  ’  “b  ^  ^"o^  *  “b  ^  ^F  ■ 

Definition  4.6  A  PCG  G  is  terminating  iff  (Vto  £  [m^])  ([mj  0  Mp  0) 
i.e.  if  m  is  reachable  from  m^,  then  there  exists  a  final  marking 
reachable  from  m. 

By  deadlock  we  mean  a  marking  m  such  that  [m]  n  =  0.  i .e . 

' '  '  r 

no  final  marking  is  reachable  from  m.  Thus,  G  is  terminating  iff  no 

deadl^'ck  is  reachable  from  m  . 

o 

One  easily  verifies  that  the  PCGs  of  Figures  8(a),  8(b)  and  9 
are  terminating,  whereas  the  graph  of  Figure  8(c)  is  not  terminating. 

Definition  4.7  Let  G  be  a  PCG  and  E  its  edge  set.  G  is  residue- 
free  iff 

(Vta  €  [m J)|m  €  -♦  I  m(e)  =  l]  , 

°  L  F  e€E  J 

i.e.  for  any  final  marking  m  reachable  from  m^,  the  marked  PCG 
(G,m)  contains  exactly  one  token  (namely  on  e^^) . 

Definition  4.8  A  PCG  G  with  edge  set  E  is  safe  iff 
(Vta  £  (m^l)(Ve  £  E)m(e)  s  1, 

i.e.  the  number  of  tokens  on  any  edge  e  cannot  exceed  1,  under  any 

marking  m  reachable  from  m  . 

o 

The  following  proposition  is  an  immediate  consequence  of 
Theorem  3 . 1  of  [YOE-GIN] . 

Proposition  4.1  Every  well -formed  PCG  is  safe. 


5.  PARALLEL  CONTROL  STRUCTURES 


This  section  is  based  on  IBOL-YOE] . 

5.1  Basic  Concepts 

A  parallel  control  structure  (PCS)  is  a  suitably  labelled  PCG 
IY0E79] . 

Definition  5.1  A  parallel  control  structure  (PCS)  r  consists  of 
the  following: 

(1)  A  PCG  G(r) 

(2)  A  finite  alphabet  E  of  operation  letters.  Every  OPERATION 
node  of  G(r)  is  labelled  by  a  letter  of  Z. 

(3)  A  finite  alphabet  n  of  predicate  letters.  Every  DECIDER  node 
D  of  G(r)  is  labelled  by  a  letter  of  n.  Furthermore,  one  out¬ 
going  edge  of  D  is  labelled  T  (true),  and  the  other  edge 

F  (false) . 

An  example  of  a  PCS  is  shown  in  Figure  11. 


Z  =  {a,b,c} 
n  =  (p) 


Example  of  PCS  (Fj) . 


Figure  11. 


A  PCS  r  is  well-formed  iff  G(r)  is  well-foraed. 


Definition  5.2  Let  G  be  a  PCG.  A  node  sequence 
^^1*^2’  ’  ■  ■ 

is  a  firing  sequence  of  G  iff  there  exist  markings  . . .  .m^^) 

of  G  such  that: 

V. 

m^^  j  ^  >  mj^  for  1  $  i  $  n, 

where  m  is  the  initial  marking  of  G  and  m  is  final  (i.e. 
o  n 

m^CMp). 

Definition  5.3  Let  r  be  a  PCS.  We  denote  by  S  the  set  of 
negated  predicate  letters ,  i.e. 

fi  =  {plpcn). 


Let  o  *  (Vj,V2, . . . ,v^)  be  a  firing  sequence  of  G(r)  and 
the  corresponding  sequence  of  markings.  We  associate  with  every  v 
in  a  a  symbol  in  £  U  {X},  where  £  >  £  U  n  U  n  and  X 

denotes  the  empty  sequence,  in  accordance  with  the  following  rules: 

(a)  if  V.  is  a  FORK  or  a  JOIN  or  a  UNION,  then  »  X. 

(b)  if  is  an  OPERATION  node,  then  »  a,  where  o  C  £  is 
the  label  of  in  F. 

(c)  if  is  a  DECIDER  with  label  p  €  n,  outedge  e^  labelled  T 
and  outedge  e2  labelled  F,  then  »  p  if  m^Cep 

else  Vj  •  p. 


We  set 


a  €  (£)*. 


I 


V. 


Thus 
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Definition  5.4 


Let  r  be  a  PCS.  With  r  we  associate  the 


language  L(r)  c  (£)  defined  as  follows: 

L(r)  *  {a  I  a  is  a  firing  sequence  of  G(r)}. 

For  example,  for  the  PCS  of  Figure  11  we  have 
LCPj)  =  {pab,  pba,  pc}. 

If  L(r)  =  L(r'),  r  and  r'  are  said  to  be  L- equivalent. 


Proposition  5.1 


regular. 


Let  r  be  a  well- formed  PCS.  Then  L(r)  is 


Proof  This  follows  from  Proposition  4.1,  stating  that  every  well- 
formed  PCG  is  safe.  Thus  the  set  of  markings  reachable  from  the 
initial  marking  is  finite.  Hence,  there  exists  a  finite  automaton  A 
such  that  L(A)  »  L(r) .  a 


Any  well-formed  PCS  r  represents  a  control  structure  CS 
(see  Section  3)  in  the  following  sense.  Let  T  be  the  PCS  obtained 
from  r  by  replacing  each  OPERATION  node  labelled  a  by  a  sequence 
of  two  OPERATION  nodes,  the  first  labelled  o  and  the  second  labelled 
o.  Then 

B(CS)  =  GO  L(f)  OD. 


5.2  Composition  of  PCSs 


Structured  programs  are  obtained  by  "successive  composition", 
using  a  given  set  of  basic  ("primitive")  control  structures  [LE-MAR] 
In  the  following  definition  we  extend  this  concept  of  "composition" 
to  PCGs  (cf.  IY0E791) . 


••  %“ 


m 


•  A  A'.'.'. . 


Definition  5.5  Let  6j  and  he  disjoint  PCGs  and  v  an 
OPERATION  node  of  Gj.  We  define  the  composition  Gj(v  G2)  to  be 
the  PCG  G  obtained  by  substituting  G^  for  v  in  G^,  as  indicated 
in  Figure  12. 


S  (c)  G»Gj(v  *•- Gj) 

Figure  12.  Illustrating  the  concept  of  composition 

(a)  PCG  Gj, 

(b)  PCG  G2, 

(c)  Composition  G=Gj  (v  *■  G2)  . 

One  easily  verifies  the  following  (see  [BOL-YOE]). 

Proposition  5.2  Let  G^  and  Gj  be  disjoint  PCGs,  and  v  an 
OPERATION  node  of  Gj.  Then  their  composition  G  =  Gj(v  G2)  is 
well-formed  iff  Gj  and  G2  are  well-formed. 

The  concept  of  "reducibility"  plays  an  important  role  in  the 
theor>'  of  structured  programming  (cf.  [LE-MAR]). 

Definition  5.6  Let  A  be  a  set  of  well-formed  PCGs,  A  =  {Gj,G2, 
and  r  a  PCS.  r  is  reducible  with  respect  to  A  iff  there  exists 
a  PCS  r ' ,  such  that 


(b)  G. 


•  «  •  .  •  •  •  -  •  >  •  w  w*.  ••  ,•  «“  .* 

•  y  ;  * ;  • .  c  v  ^ 


S'  S* 
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(1)  L(r')  =  L(r) 

(2)  G(r')  can  be  obtained  by  successive  compositions  of  PCGs  in  A. 
Figure  13  shows  primitive  "D-structures"  (D  for  Dijkstra,  see 

[LE-MAR]).  Dj  corresponds  to  SEQ2  (Section  3)  in  a  rather  evident 
way.  Similarly,  D2  corresponds  to  the  DEC  control  structure  defined 
in  Section  3. 


The  following  proposition  is  proven  in  [BOL-YOE] . 

Proposition  5.3  Let  r  be  a  well-formed,  cycle-free,  purely 

sequential  PCS.  Then  r  is  reducible  w.r.t.  (D^, 0^,02},  where 
the  D^'s  are  shown  in  Figure  13. 

The  reducibility  of  purely  parallel  PCSs  is  studied  extensively 
in  [GIN-YOE]  . 

Proposition  5.4  The  PCS  C2  shown  in  Figure  14  is  irreducible  with 
respect  to  A  =  {Hj,H2}  ,  where  Hj  =  Dj  (see  Figure  13)  and  H2  is 
s}iown  in  Figure  15. 


Proposition  S.S  The  PCS  Cj  show»  in  Figure  16  is  irreducible  with 
respect  to  any  set  A  of  purely  parallel  PCGs,  each  having  less 
OPERATKM  nodes  than  C^. 


Figure  14.  PCS 


Figure  IS.  PCG  H- 


One  easily  verifies  that  the  preceding  two  propositions  remain 
valid  even  if  the  corresponding  sets  L  are  replaced  by  larger  sets 
A'  =  A  U  Ag,  where  A^  is  an  arbitrary  set  of  purely  sequential  PCGs. 

The  above  observations  clearly  indicate  the  limitations  involved 
in  selecting  the  simple  control  structures  of  Section  3  as  a  basis  for 
a  structured  approach  to  the  design  of  complex  control  structures. 
Indeed,  the  irreducibility  results  derived  in  [GIN-YOE]  and  [BOL-YOE] 
lead  to  the  establishment  of  various  infinite  hierarchies  of  bases 
suitable  for  the  structured  design  of  complex  PCSs. 
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6.  PARALLEL  PROCESSING  STRUCTURES 


As  discussed  in  Section  3.2,  we  assume  ihat  complex  digital 
systems  are  composed  of  two  parts:  a  control  structure  and  a  data 
(processing)  structure.  The  formal  concept  of  PCS,  introduced  so  far, 
is  suitable  for  modeling  the  control  part  of  the  overall  digital  system. 
In  this  section  we  define  the  formal  concept  of  "Parallel  Processing 
Structure"  (PPS) .  Informally,  a  PPS  is  derived  from  a  PCS  by  adding 
an  "interpretation",  which  represents  the  data  processing  part  of  the 
system.  A  PPS  is  therefore  suitable  for  precisely  modeling  the  overall 
system.  The  formal  definition  of  the  PPS  concept  is  as  follows. 

Definition  6.1  A  parallel  processing  structure  (PPS)  consists  of 
the  following: 

(1)  A  PCS  r  (see  Definition  S.l) 

(2)  An  interpretation  I  of  r.  I  ■  (O.A.C).  where 
D  is  a  non-empty  set  of  data  (the  domain  of  I) ; 

A  is  a  mapping  associating  with  every  operation  letter  o  of  r 
a  binary  relation  A[a]  on  D.  i.e.  A[o]  c  Dx  D.  in  particular. 
A[o]:  D-^D  i.e.  A(o]  is  a  function. 

C  is  a  mapping  associating  with  every  predicate  letter  p  of  r 
a  one-place  predicate  C[p]  on  D. 

An  example  of  a  PPS  (r.I)  is  shown  in  Figure  17.  This  PPS  will 
perform  (similarly  to  the  parallel  computation  structure  of  Figure  6) 
the  multiplication  x*y.  for  an  arbitrary  integer  x  and  a  nonnegative 
integer  y.  The  product  is  obtained  as  final  value  of  d^,  provided 
the  initial  value  of  d  « 


•  .  •  •  •  •  ■ 
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v; 


domain 


D  3  (ii  X  Z, 

where  u  ^  set  of  nonnegative  integers 
Z  ^  set  of  integers. 

Let  d  ■  (dj,d2)  €  D,  where  dj  C  u,  d^  €  Z; 
mapping  A 

Atal(dj,d2)  «  (<lj+l,d2) 

Alb](dj,d2)  «  (dj,d2+x),  for  given  integer  x 
mapping  C 

C[p](dj,d2)  =  dj  <  y,  for  given  y  €  u>. 

(b)  Interpretation  I 
Figure  17.  Example  of  a  PPS  (r,I). 


Any  given  PPS  performs  some  coninitation.  This  concept  will  be 
made  precise  in  the  following  definition. 

Definition  6.2  Let  (r,I)  be  a  PPS.  For  every  operation  letter  o 
of  r,  we  set  0  ^  A(o].  For  every  predicate  letter  p  of  r  we  set 

p  ^  ((d,d)|d  €  D  A  C[p](d)} 

A 

p  ^  {(d,d)|d  €  D  A  X[p](d)). 

Let  w  €  E*,  where  £  «  E  U  n  U  if  (see  Definition  5.3).  With  w 
we  associate  the  binary  relation  w  on  D  as  follows. 

(1)  if  w  >  X,  then  w  is  the  identity  relation  on  D,  i.e. 
w  -  {(d.d)|d  €  D). 

(2)  if  w  =  WjWj  . . .  Wy,  where  w^  €  E  (1  $  i  $  r) ,  then 

^  "  "1**2  *•••*  •  denotes  composition  of  binary 

relations,  defined  as  usual. 

The  computation  performed  by  the  PPS  (r,I)  is  the  binary  rela¬ 
tion  C[r,I]  on  D  defined  by 

C[r,I]  -  U  {w|w  €  LCD)  . 

For  the  PPS  (r,I)  of  Figure  17,  one  easily  verifies  that 


(0,0)C[r,I](d. ,d-)  implies  d-  =  x*y. 
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7.  CONCLUSIONS 


7.1  Structured  Design  of  Concurrent  Digital  Systems 

The  theory  developed  in  this  report  provides  a  suitable  frame¬ 
work  for  a  structured,  top-down  approach  to  the  design  of  complex, 
highly  concurrent  digital  systems.  It  is  based  on  a  distinct  separa¬ 
tion  between  the  control  part  and  the  data  (processing)  part  of  the 
system.  The  control  part  is  modeled  by  the  formal  concept  of  paral.'el 
control  structure  (PCS).  It  is  shown  how  the  well-known  methodology 
of  structvired  programming  may  be  extended  to  the  design  of  well-formed 
(particularly  dead lock -free)  PCSs.  An  important  aspect  of  any  structured 
approach  to  design  is  the  selection  of  suitable,  primitive  building 
blocks.  The  theory  of  irreducible  PCSs,  discussed  in  this  report  ,  is 
therefore  an  essential  contribution  to  the  structured  design  methodology 
this  report  is  concerned  with. 

The  overall  digital  system  is  modeled  by  the  concept  of  parallel 
processing  structure  (PPS) .  A  PPS  consists  of  a  PCS,  representing 
the  control  part,  together  with  an  interpretation,  representing  the 
data  processing  part  of  the  system. 

The  structured,  top-down  design  of  a  complex,  highly  concurrent 
digital  system  is  best  started  from  a  high-level  specification  in  PPS 
format.  This  specification  is  then  transformed  by  stepwise  refinements 
into  a  low-level  description,  suitable  for  direct  implementation.  Each 
refinement  step  can  be  verified,  using  well-known  techniques  of  proving 
parallel  programs  correct  (cf.  [KEL76]). 


7.2  Proposed  Extensions  of  the  PPS  Mcdel 


The  PPS  nodel  introduced  in  this  report  can  easily  be  extended 
in  order  to  provide  additional  modeling  power.  The  incorporation  of 
arbiters  as  additional  building  blocks  is,  no  doubt,  essential.  In 
[YOE32b]  methods  were  developed  for  the  behavioral  specification  of 
arbiters.  The  formal  concepts  introduced  in  [YOE82b]  can  easily  be 
combined  with  the  PPS  model  developed  so  far. 

Another  important  extension  of  the  PPS  model  consists  of  the 
provision  of  relevant  timing  information,  such  as  the  (minimal  and 
maximal)  duration  of  an  operation,  maximal  delays  involved,  etc. 

Similar  timing  concepts  are  introduced  in  [MER]  and  [MOA-DAVJ . 

7.3  Implementation  of  a  PPS  Syst«n  Description 

Assume  now  that  the  structured,  top-down  design  methodology 
summarized  in  Section  7.1  has  led  to  a  low-level  PPS  description  of 
the  required  system. 

Various  techniques  are  available  for  the  direct,  asynchronous 
hardware  implementation  of  the  corresponding  PCS.  In  particular, 
we  refer  to  [DAC-BLA] ,  [VAL-COU] ,  and  [WOJ-CAM] .  The  data-processing 
part  of  the  required  system,  represented  by  the  interpretation  of  the 
low-level  PPS  description,  can  also  be  implemented  by  a  variety  of 
techniques.  A  direct,  register- transfer- level  approach  is  discussed 
in  [NOJ-CAM]  and  [NOJ] .  For  a  VLSI -implementation  of  the  system,  the 
method  of  implementing  a  data-path  chip  described  in  [MEA-CON]  becomes 
applicable.  Alternatively,  the  data-processing  part  can  be  implemented 
by  means  of  off-the-shelf  hardware  available  for  (loosely  coupled) 
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APPENDIX  A 


BASIC  LANGUAGE  CONCEPTS 

In  this  Appendix  we  introduce  a  few,  basic  language  concepts, 
used  in  this  Report. 

Let  E  denote  a  finite  alphabet.  We  denote  by  Z*  the  set  of 
all  finite  strings  (words)  of  symbols  from  I,  including  the  empty 
string  X. 

* 

A  language  L  over  L  is  any  subset  of  Z  . 

Let  Lj  and  L2  be  languages  over  E.  Their  concatenation 
is  defined  to  be 

Lj  o  L2  =  {xy|x  G  Lj  A  y  €  L2}, 

where  xy  denotes  the  concatenation  of  the  strings  x  and  y,  i.e. 

string  X  followed  by  string  y.  Usually,  we  write  x  0  L  for 

(x)  0  L. 
k 

n  L .  denotes  the  concatenation  L.  ®  L,  0 ...  0  L. . 
i^l  1  1  £  K 

For  any  language  L  we  set  L°  =  {X}  ,  and  l"  =  l"”^  0  L 
1  2 

for  n  ^  1.  Thus  L  =  L,  L  =  L  0  L,  etc.  Furthermore,  we  introduce 

«» 

the  usual  star-operation  L  =  U  L^. 

i=0 

Given  x  €  E*  and  y  €  E*,  the  shuffle  x  |1  y  is  the  language 
over  E  defined  recursively  as  follows: 

(1)  X  Ijx  =  {X}  ; 

(2)  o  ||x  =  X  ||o  =  {o},  for  every  a  €  E; 

(3)  Let  o  €  E,  T  €  E,  x  €  E*,  y  €  E*. 

Then  ox  ||  xy  »  [{o}o(x  1|  xy)]  U  [(x)© (ox  1|  y) ] . 

Thus,  if  X  «  0j02  ...  y  =  XjX2  ...  Xj^,  and  z  €  x  l|y,  then 
all  o.'s  and  xJs  appear  in  z  exactly  once;  the  relative  ordering 
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M.  Yoeli  and  T.  Etzion,  "Behavioral  Equivalence  of  Concurrent  Systems" 
presented  (by  first  author)  at  3rd  European  Workshop  on  Theory  and 
Applications  of  Petri  Nets,  Varenna,  Italy,  Sept.  27-30,  1982. 
Conference  Record,  pp.  465  -  478.  The  paper  is  also  to  appear  in 
the  selected  proceedings  of  the  workshop,  to  be  published  by  Springer- 
Verlag. 
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